Object Manager

  • In Windows, everything is an object - every file, process, and thread is represented in kernel memory as an object structure

  • Each object has an assigned security descriptor which determines which users can access the object and determines the type of access they have

  • The Object Manager is the component of the kernel responsible for managing these resource objects, their memory allocations and lifetimes.

Object Manager Namespace (OMNS)

  • OMNS is built out of Directory objects

    • Each directory contains other objects that can be considered to be files

    • Each directory has a security descriptor that determines which users can list its contents and who can create new subdirectories and objects inside it

    Exposing the OMNS

  • SymbolicLink type

    • redirects one OMNS path to another

    • contains a SymbolicLinkTarget property, which contains the target that the link should open

Path                 Description
\BaseNamedObjects    Global directory for user objects
\Device              Directory containing devices such as mounted filesystems
\GLOBAL??            Global directory for symbolic links, including drive mappings
\KnownDlls           Directory containing special, known DLL mappings
\ObjectTypes         Directory containing named object types
\Sessions            Directory for separate console sessions
\Windows             Directory for objects related to the Window Manager
\RPC Control         Directory for remote procedure call endpoints
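
The SymbolicLink redirection and the drive mappings listed for \GLOBAL?? can be observed from user mode. The following is an added example, not part of the original notes: it calls the documented Win32 QueryDosDevice API through P/Invoke, and the names Omns.Native and Get-DosDeviceTarget are hypothetical, chosen for this example.

```powershell
# Added example (not from the original notes): resolve drive-letter symbolic
# links to the OMNS paths they redirect to, via the Win32 QueryDosDevice API.
# Omns.Native and Get-DosDeviceTarget are hypothetical names chosen here.
Add-Type -Namespace Omns -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint QueryDosDevice(
    string lpDeviceName, System.Text.StringBuilder lpTargetPath, uint ucchMax);
'@

function Get-DosDeviceTarget {
    param([Parameter(Mandatory)][string]$Name)  # e.g. 'C:' with no trailing backslash

    $buffer = New-Object System.Text.StringBuilder 1024
    $length = [Omns.Native]::QueryDosDevice($Name, $buffer, [uint32]$buffer.Capacity)
    if ($length -eq 0) {
        $code = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
        throw "QueryDosDevice('$Name') failed with Win32 error $code"
    }
    # The API returns a multi-string; the first entry is the active link target.
    $buffer.ToString()
}

# Drive letters are symbolic links in the caller's DOS device directory, which
# falls back to \GLOBAL??, so each one typically resolves to a path under \Device.
[System.IO.DriveInfo]::GetDrives() | ForEach-Object {
    $link = $_.Name.TrimEnd('\')
    [pscustomobject]@{
        Link   = $link
        Target = Get-DosDeviceTarget -Name $link
    }
}
```

A drive whose target is not under \Device (for example one pointing back into another DOS path) is a remapped link and is worth a second look when auditing a host.
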

  • BaseNamedObjects (BNO)

    • Allows any user to create named kernel objects

    • Allows the sharing of resources between different users on the local system
